chore: Configure Renovate

[renovate[bot]]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .github/workflows/bandit.yml (github-actions)
• .github/workflows/dependabot-auto-approve.yml (github-actions)
• .github/workflows/dependabot-auto-label.yml (github-actions)
• .github/workflows/dependbot-fetch-metadata.yml (github-actions)
• .github/workflows/dependency-review.yml (github-actions)
• .github/workflows/devskim.yml (github-actions)
• .github/workflows/docs-build.yml (github-actions)
• .github/workflows/generator-generic-ossf-slsa3-publish.yml (github-actions)
• .github/workflows/label.yml (github-actions)
• .github/workflows/manual.yml (github-actions)
• .github/workflows/ossar.yml (github-actions)
• .github/workflows/pyre.yml (github-actions)
• .github/workflows/pysa.yml (github-actions)
• .github/workflows/python-package.yml (github-actions)
• .github/workflows/python-publish.yml (github-actions)
• .github/workflows/release-drafter.yml (github-actions)
• .github/workflows/scorecard.yml (github-actions)
• .github/workflows/snyk-security.yml (github-actions)
• .github/workflows/stale.yml (github-actions)
• requirements.txt (pip_requirements)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 16 Pull Requests:

chore(deps): update actions/checkout digest to 93ea575

- Schedule: ["at any time"] - Branch name: `renovate/actions-checkout-digest` - Merge into: `main` - Upgrade [actions/checkout](https://togithub.com/actions/checkout) to `93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8`

chore(deps): update facebook/pyre-action digest to 6dc86fc

- Schedule: ["at any time"] - Branch name: `renovate/facebook-pyre-action-digest` - Merge into: `main` - Upgrade facebook/pyre-action to `6dc86fc8f40e0f15cdd8a59d9f93294cf72a0863`

chore(deps): update facebook/pysa-action digest to 15c7aea

- Schedule: ["at any time"] - Branch name: `renovate/facebook-pysa-action-digest` - Merge into: `main` - Upgrade facebook/pysa-action to `15c7aea01cff64049bafe04fac871bd2cb50df56`

chore(deps): update github/codeql-action digest to 8075783

- Schedule: ["at any time"] - Branch name: `renovate/github-codeql-action-digest` - Merge into: `main` - Upgrade [github/codeql-action](https://togithub.com/github/codeql-action) to `807578363a7869ca324a79039e6db9c843e0e100`

chore(deps): update snyk/actions digest to 8349f90

- Schedule: ["at any time"] - Branch name: `renovate/snyk-actions-digest` - Merge into: `main` - Upgrade snyk/actions to `8349f9043a8b7f0f3ee8885bf28f0b388d2446e8`

chore(deps): update actions/checkout action to v3.6.0

- Schedule: ["at any time"] - Branch name: `renovate/actions-checkout-3.x` - Merge into: `main` - Upgrade [actions/checkout](https://togithub.com/actions/checkout) to `f43a0e5ff2bd294095638e18286ca9a3d1956744`

chore(deps): update github/codeql-action action to v2.24.9

- Schedule: ["at any time"] - Branch name: `renovate/github-codeql-action-2.x` - Merge into: `main` - Upgrade [github/codeql-action](https://togithub.com/github/codeql-action) to `a82bad71823183e5b120ab52d521460ecb0585fe`

chore(deps): update slsa-framework/slsa-github-generator action to v1.10.0

- Schedule: ["at any time"] - Branch name: `renovate/slsa-framework-slsa-github-generator-1.x` - Merge into: `main` - Upgrade [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) to `v1.10.0`

chore(deps): update actions/checkout action to v4

- Schedule: ["at any time"] - Branch name: `renovate/actions-checkout-4.x` - Merge into: `main` - Upgrade [actions/checkout](https://togithub.com/actions/checkout) to `v4` - Upgrade [actions/checkout](https://togithub.com/actions/checkout) to `b4ffde65f46336ab88eb53be808477a3936bae11`

chore(deps): update actions/labeler action to v5

- Schedule: ["at any time"] - Branch name: `renovate/actions-labeler-5.x` - Merge into: `main` - Upgrade [actions/labeler](https://togithub.com/actions/labeler) to `v5`

chore(deps): update actions/setup-python action to v5

- Schedule: ["at any time"] - Branch name: `renovate/actions-setup-python-5.x` - Merge into: `main` - Upgrade [actions/setup-python](https://togithub.com/actions/setup-python) to `v5`

chore(deps): update actions/stale action to v9

- Schedule: ["at any time"] - Branch name: `renovate/actions-stale-9.x` - Merge into: `main` - Upgrade [actions/stale](https://togithub.com/actions/stale) to `v9`

chore(deps): update dependabot/fetch-metadata action to v2

- Schedule: ["at any time"] - Branch name: `renovate/dependabot-fetch-metadata-2.x` - Merge into: `main` - Upgrade [dependabot/fetch-metadata](https://togithub.com/dependabot/fetch-metadata) to `v2`

chore(deps): update dependency ubuntu to v22

- Schedule: ["at any time"] - Branch name: `renovate/ubuntu-22.x` - Merge into: `main` - Upgrade [ubuntu](https://togithub.com/actions/runner-images) to `22.04`

chore(deps): update github/codeql-action action to v3

- Schedule: ["at any time"] - Branch name: `renovate/github-codeql-action-3.x` - Merge into: `main` - Upgrade [github/codeql-action](https://togithub.com/github/codeql-action) to `v3` - Upgrade [github/codeql-action](https://togithub.com/github/codeql-action) to `1b1aada464948af03b950897e5eb522f92603cc2`

chore(deps): update release-drafter/release-drafter action to v6

- Schedule: ["at any time"] - Branch name: `renovate/release-drafter-release-drafter-6.x` - Merge into: `main` - Upgrade [release-drafter/release-drafter](https://togithub.com/release-drafter/release-drafter) to `v6`

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details

Scanned Manifest Files